Proponents of Canada's Bill C-30, otherwise known as the Protection Children from Internet Predators Act, say that it will merely bring the country in line with other nations that have some form of lawful access and data preservation and retention legislation.
This is precisely why Canadians should be worried if Parliament decides to let the bill pass in its present form.
The UK lawful access experience
There is no shortage of research which indicates that implementation of an online surveillance regime in the European Union and the United States have been fraught with flaws, abuse and costs ultimately shouldered by Internet Service Providers tasked by government to essentially snoop on their customers.
More than 10 years ago the United Kingdom passed the Regulation of Investigatory Powers Act (RIPA) to extend law enforcement agencies’ access to communication systems to help police battle crime and terrorist-related activities. Under a voluntary code of practice, ISPs retain data such as content of email servers, email server logs, IP addresses, SMS messages and others from six to 12 months.
Reports from the Interception Commissioner, which provides a yearly assessment of interception of communication traffic, indicate that a growing number of “interception errors,” according to a paper written by Christopher Parsons of the Political Science Department at the University of Victoria.
In 2007, there were 24 interception errors and breaches found which the Commissioner deemed to be “to high” according to Parsons.
In 2009, 36 interception errors and breaches attributed to the General Communications Headquarters, the Secret Service, Her Majesty’s Revenue and Customs, the Serious Organized Crime Agency, The Scottish Government, the Metropolitan Police Counter Terrorism Command and the National Technical Assistance Centre. During this year there were a total of 525,130 requests for communications data that resulted in 661 reported errors.
Related Story - Lawful access ‘enormous financial burden’ for business
Furthermore, Parsons found that the requested data was not always used to deter crime. In the instance of one family subjected to excessive surveillance (21 acts in three weeks) data was requested to determine the family’s eligibility to send their children to a local school.
A report released by the U.K-based civil liberties group Big Brother Watch paints a troubling picture of how law enforcement agents handle data that passes through their hands.
The organization found that between 2007 and 2010:
-243 police offices and staff received criminal convictions for breaching the country’s Data Protection Act (DPA) -98 police officers and staff were terminated for breaching DPA -904 police officers and staff were subjected to internal disciplinary procedures for breaching DPA
In one notable case, no less than 208 officers and staff received legal caution for viewing computer records related to a high profile crime. In another, a staff member was dismissed for discussing policing information on Facebook. Numerous others were found to have accessed criminal records and personal data for no obvious policing purposes.
US CALEA was heavy burden
In the United States, the problem is more significant, according to Parsons who says the country “suffers from endemic inappropriate surveillance.” He said the National Security Agency (NSA) reportedly runs a warrantless wiretapping system with the assistance of major telecom providers such as AT&T. A large amount of the surveillance conducted by state and federal agencies go unreported.
“Without reports, it is challenging to determine if access was appropriate or necessary,” he said.
Back in 1994, the U.S. enacted the Communications Assistance for Law Enforcement Act (CALEA) which imposed interception capabilities on telecom service providers. Today, The Defence Department continues to call for ISPs to retain data for two years. The department is also developing a system for monitoring Internet traffic and federal law enforcement is requesting the extension of CALEA to include other providers such as Facebook and Skype.
If we would like to have an idea of how much it might cost Canadian ISPs to retrofit existing networks to facilitate the “snoop and scoop” activities outlined in Bill C-30, we can look to the U.S. as well for an example.
In addition to data storage CALEA also required providers to make their systems “intercept ready”. Prior to CALEA enactment the industry estimated this would cost them between $3 and $5 billion, the FBI’s estimate was around $500 million to $1 billion. Since then industry has lowered its estimate to $1.3 billion, but Parsons notes that this figure did not include VoIP-based communications.
In Canada, small ISPs have repeatedly voiced concerns that compliance with to lawful access legislation will be a costly burden.
But it is not only the financial cost that businesses should be worried about. Requiring providers to render their systems “surveillance ready” will introduce security vulnerabilities to their systems.
Requiring companies to build a “backdoor” for law enforcement agencies to access their networks and accomplish a data dump creates a single “point of failure” which hackers can exploit, according to John Villasenor, professor of electronics engineering at the University of California.
It might be argued that a surveillance technology that cannot be penetrated by hackers can be securely built. If Bill C-30 is about trusting those in charge, I’m a bit worried. The current track record of government agencies both here and in the U.S. in protecting their own networks against breaches is not very encouraging.
In 2011, the Central Intelligence Agency’s own Web site was taken down by the hackers group LulzSec. The same group stole 180 passwords of members of an FBI affiliate.
That same, hackers believed to be based in China, launched a cyber attack on several Canadian government departments to steal classified information.
Yes, I agree we should look at other nations that have implemented their online surveillance laws. I think if we look closely we’ll probably find more reasons not to rush towards having one.
Nestor Arellano is a senior writer for ITBusiness.ca. Follow him on Twitter, read his blogs and join the ITBusiness.ca Facebook Page.
Comments
Thelaughingman Fucu said: Stephen Harper Rob Nicholson John Baird and Vic Toews along with the rest of the Conservatives are liars cheats and thieves They are fascists and would turn our country into an Orwellian nightmare Canada needs to rise up and occupy the parliament remove the Conservatives from power followed by some good old fashion tarring and feathering finish with banishing from Canada Finally Canadians need some laws that allow us to force referendums on the government and punish corrupt politicians who think they can screw with their people their employers you and mePeople shouldnt fear the government the government should fear the people
Rwolf said: Canada Britain amp US Government want to Spy On ItsCitizens Electronic CommunicationsThe Canadian Commons recent BillC-30 wouldgive any Canadian police officer without a warrantthe power torequest Internet service providers turn over customer information see section17 of C-30 cause the same loss of electronic privacy and civil liberties thatBritish Government recently proposedto spy on Brits electroniccommunications Is it coincidence the British and Canadian proposals appear tomirror legislation US Government said it wanted passed in 2011 to spy on USCitizensOverlooked by mainstream media is that Britain and Canada signed with the USGovernment an array of Asset Forfeiture Sharing Agreements to share withCanadian and British PoliceGovernments assets seized from Brits Canadians andAmericans that resulted from eg evidence or information gleaned fromelectronic surveillance of Citizens communications eg emails faxesInternet actively phone records including GPS trackingCompare with US Governmentsproposal to electronically monitor spy on Americans without a warrantwithCanadas recent eavesdropping Bill C-30 and British Governments plan to spyon its Citizens electronic communicationsUS Government wants the power to introduce as evidence in criminalprosecutions and government civil trials any phone call record email orInternet activity That would open the door for Police to take out of contextany innocenthastily written email fax or phone call record to allege a crimeor violation was committed to cause a persons arrest fines and or civil assetforfeiture of their property There are more than 350 laws and violations thatcan subject property to government asset forfeiture Government civil assetforfeiture requires only a civil preponderance of evidence for police toforfeit property little more than hearsay If the US Justice Department has its way any information the FBI derivesfrom circumventing the Fourth Amendment ie no warrant searches of WebServer Records a Citizens Internet Activity personal emails fax phonecalls may be used by the FBI for fishing expeditions to issue subpoenas inhopes of finding evidence or to prosecute Citizens for any alleged crime orviolation Consider that neither Congress nor the courtsdetermined what Bush IINSA electronic surveillance perhaps illegal could be used by police orintroduced into court by government to prosecute Americans criminally orcivilly If US Justice Department is permitted No-Warrant surveillance ofall electronic communications it is problematic state and local lawenforcement agencies and private government contractors will want access toprior Bush II NSA and other government illegally obtained electronic recordsnot limited toAmericans Internet activity private emails faxes and phonecalls to secure evidence to arrest Americans assess fines and or civillyforfeit their homes businesses and other assets under Title 18USC and otherlaws Of obvious concern what happens to fair justice in America if policebecome dependent on Asset Forfeiture to help pay their salaries and budgetoperating costsThe Civil Asset Forfeiture Reform Act of 2000 effectively eliminated thefive year statue of limitations for Government Civil Asset Forfeiture thestatute now runs five years from the date police allege they learned anasset became subject to forfeiture It is foreseeable should no warrantgovernment electronic surveillance be approved police will relentlessly siftthrough business and Citizens government retained Internet data emails andphone communications to discover possible crimes or civil violations A corruptdespot US Government can too easily use no-warrantseized emails Internetdata and phone call information to blackmail Americans corporations andothers in the same manner Hitler utilized his police state passed laws toextort support for the Nazi fascist government including getting parliament topass Hitlers 1933 Discriminatory Decrees that suspended the ConstitutionalFreedoms of German Citizens A Nazi Government threat of Property SeizureAsset Forfeiture of an individual or corporations assets was usuallysufficient to ensure Nazi supportUnder US federal civilforfeiture laws a person or business need not be charged with a crime forgovernment to forfeit their property Most US Citizens property and businessowners that defend their assets against Government Civil Asset Forfeiture claiman innocent owner defense This defense can become a criminal prosecutiontrap for both guilty and innocent property owners Any fresh denial of guiltmade to government when questioned about committing a crime even when you didnot do the crime may involuntarily waive a defendants right to assert intheir defensethe Criminal Statute of Limitations past for prosecution anyfresh denial of guilt even 30 years after a crime was committed may allowGovernment prosecutors to use old and new evidence including informationdiscovered during a Civil Asset Forfeiture Proceeding to launch a criminalprosecution For that reason many innocent Americans property and businessowners are reluctant to defend their property and businesses against GovernmentCivil Asset Forfeiture Re waiving Criminal Statute of Limitations see USC18 Sec1001 James BroganV United States N096-1579 US See paragraph 6 at httpwwwlawcornelledusup